Posts by Category:
A Definitive Guide to SOC 2 Policies
In this post, we will help you get started with a hierarchy to follow, as well as a summary of each individual SOC 2 policy.
A Practical Approach to Just-in-Time (JIT) Access for Developers
Should application developers have access to production database systems? This is a question as old as Vampires and Werewolves.
LDAP and VPN Alternative
So you’re ready to move away from VPN or from complicated user management like LDAP, ready to stop worrying about private keys existing on developer laptops, and ready to up your compliance game with audit trails on all of your SSH and database sessions.
Software Development Lifecycle Policy | A Practical Guide to SOC2
A software development lifecycle (SDLC) policy helps your company not suffer a similar fate by ensuring software goes through a testing process, is built as securely as possible, and that all development work is compliant as it relates to any regulatory guidelines and business needs. Here are some primary topics your software development lifecycle policy and software development methodology should cover
AWS Console Alternative, Secure AWS Management
Gone are the days of sharing AWS root account credentials in a shared 1Password vault or worse, via email. With this in mind, one of the first steps to securing our AWS account is setting up AWS IAM.
3 ways to Implement Role-Based Access Controls for Kubernetes
Managing RBAC in a way that’s suitable to the size of your company is confusing and overwhelming. Before rushing to implement policy, it’s worth figuring out what problems RBAC is actually trying to solve.
DevSecOps: The Core Curriculum Opening Remarks
Listen to CEO Liz Zalman give opening remarks at the 2019 DevSecOps conference!
Connecting Postgres to Active Directory for Authentication
While primarily geared towards developers, PostgreSQL is also designed to help system administrators safely and robustly store information in databases. In this post, we will demonstrate how to install a PostgreSQL database and then configure Active Directory users to authenticate to it.
How We Automate User Provisioning & Keep Track of Credentials
There are a number of ways to automate user provisioning but the real challenge lies in keeping track of those credentials.
Physical Facility Access Policy Best Practices
In this policy, you will define the controls, monitoring, and removal of physical access to your company’s facilities.
BYOD Policy | Best Practices to Help Keep Your Network Secure
Bring your own device can be tricky to regulate. At a minimum, your BYOD policy should define certain requirements to help secure your network.